A growing concern has been Web application security Web and application servers are the target of regular attacks by attackers that exploit security loopholes or vulnerabilities in code or design. Adding to this concern are next generation applications; applications that are on the fast track and more appealing to the user, utilizing dynamic AJAX scripts, Web services and newer Web technologies to create intuitive and easy interfaces. The only constant in this space is change. In this dynamically changing scenario it is important to understand new threats that emerge in order to build constructive strategies to protect corporate assets.

This two day workshop will expose students to both aspects of security: attacks and defense. To think of newer Web applications without Web services is a big mistake. Sooner or later existing applications will be forced to migrate to the new framework. This workshop includes several cases, demonstrations and hands-on exercises with newer tools to give you a headstart over others in the field.

The following topics will be covered in-depth during these sessions:

Web Security Fundamentals and Principles, Trends and Opportunities

Methods, Components and Protocols (HTTP, HTTPS and SOAP)

Web application assessment methods - Blackbox and Whitebox approaches

Web application Deployment and Security Deployment issues

Web application Footprinting, Discovery and Profiling

Search engines and their role in Web Application hacking (Google & MSN)

Web application attack vectors and assets-to-attacks-mapping

XML-based attacks

SQL, LDAP, XPATH injection techniques

XSS, Cross-site cookie spoiling and AJAX-hacking

Web services frameworks

Web services footprinting, discovery and profiling

Web services attacks

Web application firewall - Build and Deploy

Web security controls and best practices

Secure coding and reverse engineering methods

Tools and Techniques

Hands-on challenges and labsAbout the trainer

Shreeraj Shah

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews.

He is also the author of popular books like Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, Oâ€™reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.